From e34ec5b2159ac2c7272c3abef1084ba6b763fc56 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Thu, 5 Nov 2020 17:05:21 +0100 Subject: added error handling for public key parsing --- client/client.go | 8 ++++++-- client/get-consistency-proof/main.go | 9 +++++++-- client/get-proof-by-hash/main.go | 4 +++- descriptor/descriptor.go | 9 +++------ 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/client/client.go b/client/client.go index 88ccf2f..159a5df 100644 --- a/client/client.go +++ b/client/client.go @@ -104,7 +104,9 @@ func (c *Client) AddEntry(ctx context.Context, name, checksum []byte) (*stfe.StI return nil, fmt.Errorf("bad StItem format: %v", item.Format) } - if err := VerifySignedDebugInfoV1(item, c.Log.Scheme, c.Log.Key(), leaf); err != nil { + if k, err := c.Log.Key(); err != nil { + return nil, fmt.Errorf("bad public key: %v", err) + } else if err := VerifySignedDebugInfoV1(item, c.Log.Scheme, k, leaf); err != nil { return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err) } return item, nil @@ -125,7 +127,9 @@ func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) { return nil, fmt.Errorf("bad StItem format: %v", item.Format) } - if err := VerifySignedTreeHeadV1(item, c.Log.Scheme, c.Log.Key()); err != nil { + if k, err := c.Log.Key(); err != nil { + return nil, fmt.Errorf("bad public key: %v", err) + } else if err := VerifySignedTreeHeadV1(item, c.Log.Scheme, k); err != nil { return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err) } return item, nil diff --git a/client/get-consistency-proof/main.go b/client/get-consistency-proof/main.go index 72fa804..acf116e 100644 --- a/client/get-consistency-proof/main.go +++ b/client/get-consistency-proof/main.go 
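Review bot: In AddEntry, the `if k, err := c.Log.Key(); err != nil { … } else if err := VerifySignedDebugInfoV1(…)` chain declares a second `err` that shadows the first, and it puts the signature check in an `else` branch after a return. An early return reads more plainly: `k, err := c.Log.Key()`, then `if err != nil { return nil, fmt.Errorf("bad public key: %w", err) }`, then the existing verify `if` using `k`. The same construct appears in the GetSth hunk and in client/get-proof-by-hash/main.go. Wrapping with `%w` rather than `%v` would also let callers inspect the underlying parse error with `errors.Is` or `errors.As`. AddEntry's body starts before this hunk, so whether `err` is already declared there is not visible.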
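Review bot: In GetSth, a failed `VerifySignedTreeHeadV1` call is still reported as `bad SignedDebugInfoV1 signature`, which names the wrong item type and looks copied from AddEntry. Someone triaging a tree-head signature failure would be sent to the wrong code path. The line after the new `else if` should read `return nil, fmt.Errorf("bad SignedTreeHeadV1 signature: %v", err)`. GetSth's body starts before this hunk.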
@@ -28,11 +28,16 @@ func main() { glog.Fatal(err) } + k, err := cli.Log.Key() + if err != nil { + glog.Fatalf("bad public key: %v", err) + } + var sth1 stfe.StItem if err := sth1.UnmarshalB64(*first); err != nil { glog.Fatalf("bad signed tree head: %v", err) } - if err := client.VerifySignedTreeHeadV1(&sth1, cli.Log.Scheme, cli.Log.Key()); err != nil { + if err := client.VerifySignedTreeHeadV1(&sth1, cli.Log.Scheme, k); err != nil { glog.Fatalf("bad signed tree head: %v", err) } glog.V(3).Info("verified first sth") @@ -41,7 +46,7 @@ func main() { if err := sth2.UnmarshalB64(*second); err != nil { glog.Fatalf("bad signed tree head: %v", err) } - if err := client.VerifySignedTreeHeadV1(&sth2, cli.Log.Scheme, cli.Log.Key()); err != nil { + if err := client.VerifySignedTreeHeadV1(&sth2, cli.Log.Scheme, k); err != nil { glog.Fatalf("bad signed tree head: %v", err) } glog.V(3).Info("verified second sth") diff --git a/client/get-proof-by-hash/main.go b/client/get-proof-by-hash/main.go index 897a8aa..04dd7dc 100644 --- a/client/get-proof-by-hash/main.go +++ b/client/get-proof-by-hash/main.go @@ -33,7 +33,9 @@ func main() { if err := sth.UnmarshalB64(*signedTreeHead); err != nil { glog.Fatalf("bad signed tree head: %v", err) } - if err := client.VerifySignedTreeHeadV1(&sth, cli.Log.Scheme, cli.Log.Key()); err != nil { + if k, err := cli.Log.Key(); err != nil { + glog.Fatalf("bad public key: %v", err) + } else if err := client.VerifySignedTreeHeadV1(&sth, cli.Log.Scheme, k); err != nil { glog.Fatalf("bad signed tree head: %v", err) } glog.V(3).Info("verified sth") diff --git a/descriptor/descriptor.go b/descriptor/descriptor.go index 267a401..1879cd8 100644 --- a/descriptor/descriptor.go +++ b/descriptor/descriptor.go 
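Review bot: The verification branch for `sth1` logs the same text as the decoding branch just above it, `bad signed tree head: %v`. Unless the wrapped error differs enough, the fatal line does not show whether the argument was malformed or the signature failed to verify under the log's key. A distinct message on the verify call would separate the two, for example `glog.Fatalf("bad signed tree head signature: %v", err)`. The same applies to `sth2` in the next hunk and to the verify call in client/get-proof-by-hash/main.go. main's body starts before and continues after this hunk.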
@@ -53,10 +53,7 @@ func LoadOperators(path string) ([]Operator, error) { return ops, nil } -func (l *Log) Key() crypto.PublicKey { - k, err := x509.ParsePKIXPublicKey(l.PublicKey) - if err != nil { - panic("TODO: make a new function and parse public key there") - } - return k +// Key parses the log's public key +func (l *Log) Key() (crypto.PublicKey, error) { + return x509.ParsePKIXPublicKey(l.PublicKey) } -- cgit v1.2.3
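Review bot: The new doc comment on `Key` does not say what encoding `l.PublicKey` must have, or that the returned `crypto.PublicKey` is an untyped interface value. Since the body is a direct call to `x509.ParsePKIXPublicKey`, the comment could read `// Key parses l.PublicKey as a DER-encoded PKIX (SubjectPublicKeyInfo) public key.` and add `// The concrete key type is not checked against l.Scheme here.` Whether the verify helpers in the client package make that check is not visible in this diff. If they do not, a descriptor whose key type disagrees with its scheme would only surface at verification time. The key is also re-parsed on every call, which get-consistency-proof avoids by calling `Key` once and reusing `k`.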